NextGen Gallery < 3.5.0 – CSRF allows File Upload | CVE 2020-35943 | Plugin Vulnerabilities

Description

It was possible to bypass the "validate_ajax_request" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942

Affects Plugins

nextgen-gallery

Fixed in 3.5.0

References

CVE

URL

https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter

Verified

No

WPVDB ID

7e1f1083-4c41-41c8-bbf0-640484384196

Timeline

Publicly Published

2021-02-08 (about 5 years ago)

Added

2021-02-08 (about 5 years ago)

Last Updated

2021-02-09 (about 5 years ago)

Other

Published

Title

Published

2025-04-09

Title

WS Audio Player <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-12-28

Title

NitroPack < 1.10.3 - Multiple CSRF

Published

2025-06-05

Title

Print Invoice & Delivery Notes for WooCommerce < 5.6.0 - Cross-Site Request Forgery

Published

2023-05-30

Title

NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery

Published

2024-05-03

Title

Popup box < 4.1.3 - Cross-Site Request Forgery